Skip to content

The Cisco ASA must be configured to send an alert to organization-defined personnel and/or the firewall administrator when threats are detected.

An XCCDF Rule

Description

<VulnDiscussion>Without an alert, security personnel may be unaware of an impending failure of the audit capability, and the ability to perform forensic analysis and detect rate-based and other anomalies will be impeded. Alerts may be transmitted, for example, telephonically, by electronic mail messages, or by text messaging. The IDPS must either send the alert to a management console that is actively monitored by authorized personnel or use a messaging capability to send the alert directly to designated personnel. The ISSM or ISSO may designate the firewall administrator and/or other authorized personnel to receive the alert within the specified time, validate the alert, and then forward only validated alerts to the ISSM and ISSO.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-239893r665992_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

Configure email server and email addresses to send alerts to organization-defined personnel and/or the firewall administrator.

Step 1: Navigate to Policies >> Actions >> Alerts.

Step 2: From the Create Alert drop-down menu, choose Create Email Alert.